README
¶
Overview
This plugin provides the ability for your VolantMQ server to perform authentication (determining who can log in) and authorisation (determining what permissions they have) by making requests to an HTTP server. This plugin can put a significant amount of load on its backing service.
Configuring and enabling the Plugin
plugins:
enabled:
- auth_http
config:
auth: # plugin type
- name: http1
backend: http
config:
path:
user: http://some-server/auth/user
resource: http://some-server/auth/resource
- name: http2
backend: http
config:
path:
user: https://some-another-server/auth/user
resource: https://some-another-server/auth/resource
API authentication
Auth backend may want authentication to API call itself using Authentication header. If so environment variable VOLANTMQ_PLUGIN_AUTH_<name>_TOKEN can be supplied.
Lets assume from config above that backend accessed by http2 needs token. Environment variable then looks as VOLANTMQ_PLUGIN_AUTH_HTTP2_TOKEN=<token>
Value in variable must not contain Bearer prefix
What Must My Web Server Do?
This plugin requires that your web server respond to requests in a certain predefined format. It will make POST requests against the URIs listed in the configuration. It will add parameters as a URL-encoded request body as follows:
user_path
namespace- the namespace server belongs toclientId- the clientId used be connectionuser- the name of the user (can be missing)password- the password provided (can be empty)
resource_path
namespace- the namespace server belongs toclientId- the clientId used be connectionuser- the name of the user (can be empty)name- topic name or filterpermission- the access level to the resource (writeorread)
Your web server should always return HTTP 200 OK, with a body containing:
deny- deny access to the user / resourceallow- allow access to the user / resource
Backend example
Take a look auth_test.go for basics in backend implementation
Documentation
¶
There is no documentation for this package.
Source Files